Skip to main content
Derrick Whisel

By: Derrick Whisel on December 20th, 2018

Print/Save as PDF

3 Cybersecurity Questions to Ask Yourself as You Head Into 2019

Cybersecurity

As we head into the New Year and I pull together the last security blog of 2018, I want to highlight a few of the latest exploits and breaches that showed up on my security news radar during Thanksgiving week and the important questions they pose. Don’t head into 2019 without asking yourself these top cybersecurity questions:

1. How is your Email Security?

News Headline: New HealthEquity Data Breach Exposes PII/PHI of Almost 21,000 Customers

Highlights:

  • HealthEquity is an IRS non-bank health savings trustee that handles more than 3.4 million health savings accounts (HSAs)
  • October-September 2018 – Email breach exposed the personal health information (PHI) and/or personally identifiable information (PII) of nearly 21,000 subscribers
  • It’s happened once before this year: June 2018 – Phishing attack exposed the personal health information (PHI) of approximately 23,000 subscribers
  • Data exposed includes employee names, plans, account types, and health plan enrollment data


(Read more on Softpedia)


*Bonus Question:
How is your security awareness training?

 

2. How is your Malware Protection?

News Headline: 500 Percent Increase in macOS/iOS Ransomware Attacks During 1H of 2018

Highlights:

  • Managed service providers (MSPs) reported a 500% surge of macOS/iOS ransomware attacks from January to June 2018
  • 92% of MSPs predict the number of ransomware attacks will continue at current, or worse, rates
  • 79% of MSPs said that ransomware is still a massive threat to small-to-midsized businesses (SMBs)
  • 79% of MSPs report ransomware attacks against customers
  • 67% of MSPs report victimized clients experienced a loss of business productivity

 
(Read more on Softpedia)

 

3. How is your Endpoint Protection or Endpoint Detection and Response (EDR)?

News Headline: Hackers Discover iPhone X Bug Exposing Files, Including Deleted Photos

Highlights:

  • Hacker group Fluoroacetate broke into the iPhone X at the Pwn2Own hacking contest in Tokyo
  • They used a Safari browser vulnerability
  • Exploit allows unauthorized access to user files, including current and deleted photos
  • Samsung’s Galaxy S9 and Xiaomi Mi6 where also hacked at the same event

 (Read more on Softpedia)

 

What should you do?

We say it so often in the security industry it feels like this goes without saying, but I’ll write it anyway. Trust but verify all links, attachments, and digital requests that come your way. There’s no silver bullet, but there are countless time, money, and resource-sucking nefarious cyber criminals lurking behind every mouse click and digital door you go through. Being vigilant, hyper-aware, and maintaining good digital hygiene, and teaching your users to do the same, will save you from future headaches.

For organizations, a layered security approach cannot be overlooked, and there is no substitute for Defense in Depth. The security and infrastructure controls we implement at IE include segmentation, patching, adoptions, and best practice configurations of the existing tools in our arsenal because infrastructure protection and security is our priority. Ask yourself, is there anything extra you can do, from an infrastructure perspective, to add more defensive layers and minimize lateral movement of malware in your network? Are you using all the current capabilities you have today to their fullest potential?

 

If the answer is no, or you aren’t sure, reach out to our Security Team today. We’ll assess your current security program to identify any gaps and help you build a stronger path to delivering Security Anywhere, Any Way.

 

Have Questions? Contact the IE Security team to discuss how you can achieve Security Anywhere, Any Way

About Derrick Whisel

Derrick Whisel has worked in IT for over 20 years, with extensive experience in project engineering, management, scoping, budgeting and design. He began his career in the military, and after being honorably discharged as an IT2 Second Class Petty Officer, moved into the private sector where he now works as a Senior Technical Advisor for Security Solutions here at Internetwork Engineering.